gafaelfawr — Authentication & identity#
Gafaelfawr provides authentication and identity management services for the Rubin Science Platform.
It is primarily used as an NGINX
auth_request handler configured via annotations on the
Ingress resources of Science Platform services.
In that role, it requires a user have the required access scope to use that service, rejects users who do not have that scope, and redirects users who are not authenticated to the authentication process.
Gafaelfawr supports authentication via either OpenID Connect (often through CILogon or GitHub).
Gafaelfawr also provides a token management API and (currently) UI for users of the Science Platform.
View on GitHub